[CentOS5] GeoIP 커널 모듈 빌드 하는 방법

32비트? 64비트?

# getconf LONG_BIT

일단 kernel-devel 설치

# rpm -ivh kernel-devel-2.6.??-???

# cd /usr/src

# wget http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20100218.tar.bz2

# tar jxvfp patch-o-matic-ng-20100218.tar.bz2

# rpm -ivh iptables-1.3.5-5.3.el5.src.rpm

# cd /usr/src/redhat/SOURCES

# tar xfj iptables-1.3.5.tar.bz2

# cd /usr/src/

# ln -s /usr/src/redhat/SOURCES/iptables-1.3.5 /usr/src/iptables

# ln -s /usr/src/kernels/2.6.18-128.1.6.el5-x86_64 /usr/src/linux

# cd patch-o-matic-ng-20100218

# ./runme --download

# ./runme geoip

Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y

아래와 같은 에러 메시지가 나온다면?

Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y

unable to find ladd slot in src /tmp/pom-6049/net/ipv4/netfilter/Makefile (./patchlets/geoip/linux-2.6/./net/ipv4/netfilter/Makefile.ladd)

해결방법

# cat /usr/src/patch-o-matic-ng-20080521/patchlets/geoip/linux-2.6/net/ipv4/netfilter/Makefile.ladd >> /usr/src/linux/net/ipv4/netfilter/Makefile

# cd /usr/src/iptables

# make

# cd extensions

# cp libipt_geoip.so /lib64/iptables/

# cd /usr/src/linux

# make oldconfig

geoip match support (IP_NF_MATCH_GEOIP) [N/m/?] (NEW) m

# mv net/ipv4/netfilter/Makefile net/ipv4/netfilter/Makefile.orig

# vim net/ipv4/netfilter/Makefile

obj-m := ipt_geoip.o

KDIR := /lib/modules/$(shell uname -r)/build

PWD   := $(shell pwd)

default:

    $(MAKE) -C $(KDIR) M=$(PWD) modules

# make M=net/ipv4/netfilter

# cp net/ipv4/netfilter/ipt_geoip.ko /lib/modules/2.6.18-128.1.6.el5/kernel/net/ipv4/netfilter/

# chmod 744 /lib/modules/2.6.18-128.1.6.el5/kernel/net/ipv4/netfilter/ipt_geoip.ko

# depmod -a

# modprobe ipt_geoip

# lsmod | grep geoip

ipt_geoip              37000  0 

x_tables               50505  4 ipt_geoip,xt_state,ip_tables,xt_tcpudp

# wget http://people.netfilter.org/peejix/geoip/tools/geoip_update.sh

# vi geoip_update.sh

### URL 변경

GEO_BIN="http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.bin"

GEO_IDX="http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.idx"

# sh geoip_update.sh

# wget http://people.netfilter.org/peejix/geoip/tools/csv2bin-20041103.tar.gz

# tar zxvfp csv2bin-20041103.tar.gz 

# cd csv2bin

# make 

# wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip

# unzip GeoIPCountryCSV.zip

# ./csv2bin GeoIPCountryWhois.csv

# iptables -A INPUT -m geoip --src-cc CN -j REJECT